threat intel advanced T1528
OAuth Abuse in SaaS: The Attack Moved to the Authorization Layer — Your Detection Didn't
OAuth abuse bypasses MFA by attacking authorization, not authentication. Most SOCs don't collect consent-grant telemetry — here's what to detect.
· 11 min read
#identity
#oauth
#saas
#sigma